注:
Elasticsearch
示例版本:
7.6.2
⼀、单机版
1.
修改配置
需要在配置⽂件中开启
x-pack
验证
,
修改
config
⽬录下⾯的
elasticsearch.yml
⽂件,在⾥⾯添加如下内容
,
并重启
es.
1
xpack
.
security
.
enabled
:
true
2
xpack
.
license
.
self_generated
.
type
:
basic
3
xpack
.
security
.
transport
.
ssl
.
enabled
:
true
2.
设置密码
进⼊
es
的安装根⽬录
bin
下,
/usr/local/elasticsearch-7.6.2/bin
执⾏设置⽤户名和密码的命令
,
这⾥需要为
4
个⽤户分别设置密码,
elastic, kibana, logstash_system,beats_system
1
.
/
elasticsearch
-
setup
-
passwords interactive
2
Enter password
for
[
elastic
]:
3
Reenter password
for
[
elastic
]:
4
Enter password
for
[
kibana
]:
5
Reenter password
for
[
kibana
]:
6
Enter password
for
[
logstash_system
]:
7
Reenter password
for
[
logstash_system
]:
8
Enter password
for
[
beats_system
]:
9
Reenter password
for
[
beats_system
]:
10
Changed password
for
user
[
kibana
]
11
Changed password
for
user
[
logstash_system
]
12
Changed password
for
user
[
beats_system
]
13
Changed password
for
user
[
elastic
]
3.
测试
将
kibana.yml
添加,并重启
kibana
:
1
elasticsearch
.
username
:
"elastic"
2
elasticsearch
.
password
:
"xxxx"
4.
修改密码
修改密码时,将第⼀步配置删除,然后重启
es
,将
.security-7
的索引删除即可。
然后重新
1-4
步骤。
⼆、集群版
1.
⽣成
TLS
和身份验证
单独使⽤⼀个节点⽣成证书;
证书会⽣成在
config
⽬录下,证书⽂件名为
elastic-certificates.p12
;
1
su esuser
2
cd
/
usr
/
local
/
elasticsearch
-
7.6.2
/
bin
3
.
/
elasticsearch
-
certutil cert
-
out
/
usr
/
local
/
elasticsearch
-
7.6.2
/
config
/
elastic
-
certificates
.
p12
-
pass
执⾏完上⾯命令以后就可以在
elasticsearch
⽬录下的
config
⽬录⾥看到多了⼀个
elastic-certificates.p12
⽂件;
把
elastic-certificates.p12
这个⽂件复制到其他节点下
,也是
elasticsearch
⽬录下的
config
⽬录⾥即可;
2.
修改配置
编辑
elasticsearch.yml
⽂件(
每个节点都要配置
)开启
x-pack
功能,并指定证书位置
1
#
加密配置
2
xpack
.
security
.
enabled
:
true
3
xpack
.
security
.
transport
.
ssl
.
enabled
:
true
4
xpack
.
security
.
transport
.
ssl
.
verification_mode
:
certificate
5
xpack
.
security
.
transport
.
ssl
.
keystore
.
path
:
elastic
-
certificates
.
p12
6
xpack
.
security
.
transport
.
ssl
.
truststore
.
path
:
elastic
-
certificates
.
p12
3.
重启
es
集群
全部节点都要重启⼀遍
4.
设置访问密码
在
其中⼀个节点设置密码即可
,设置完之后,数据会⾃动同步到其他节点。
1
# cd
到
elasticsearch
⽬录下的
bin
⽬录执⾏
2
su esuser
3
cd
/
usr
/
local
/
elasticsearch
-
7.6.2
/
bin
4
.
/
elasticsearch
-
setup
-
passwords interactive
依次对每个账户设置密码
1
Enter password
for
[
elastic
]:
2
Reenter password
for
[
elastic
]:
3
Enter password
for
[
kibana
]:
4
Reenter password
for
[
kibana
]:
5
Enter password
for
[
logstash_system
]:
6
Reenter password
for
[
logstash_system
]:
7
Enter password
for
[
beats_system
]:
8
Reenter password
for
[
beats_system
]:
9
Changed password
for
user
[
kibana
]
10
Changed password
for
user
[
logstash_system
]
11
Changed password
for
user
[
beats_system
]
12
Changed password
for
user
[
elastic
]
5.
测试验证
将
kibana.yml
添加,并重启
kibana
:
1
elasticsearch
.
username
:
"elastic"
2
elasticsearch
.
password
:
"xxxx"
到了这里,关于ES设置⽤户名和密码的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!